As you might imagine, there is a great deal to the topic of personal information security, and this series of articles has merely scratched the surface. Hopefully it will help you become less likely to fall victim to Malware, Viruses, Phishing or other mishaps. While working on the content it was obvious that there were lots of tools and concepts that deserve your consideration. Consider this the extra credit, or perhaps the icing on the cake, if you’ve made it this far. Here are some other valuable tools, in no particular order:

Ninite

OpenDNS

Spybot2

Malware Bytes

Foxit Reader

Google Authenticator

LastPass

Eset Antivirus and Security Products

Ninite.com – A Hassle-Free Place to Install and Update Free Software

When you first visit the Ninite website, it doesn’t look like much. Don’t let the no-frills look fool you: Ninite is a must-have in your personal information security portfolio for several reasons:

You can install all the applications featured without user intervention.

No “extras” are added on, just the software you request, no toolbars or extra goodies.

You can run the installer later to update the applications.

Say you get a new computer and you want to add a few common applications. You go to ninite.com and check the boxes for those apps, and it generates a single .exe file that can be used to install or update those apps. It’s that simple.

OpenDNS

A DNS server tells your computer the numerical address that belongs to a name. OpenDNS uses this lookup to provide an extra layer of protection by preventing you from accessing known Malware and phishing sites. It is very easy to take advantage of this service. You don’t even need an account (although having one gives you some cool advantages); you just have to use the OpenDNS servers. Go to their setup page for instructions on how to configure your device(s) to use OpenDNS.

Spybot 2 – Inoculate, Scan and Remove Malware and Viruses

Spybot2 is really handy in a few ways. One is the inoculation component, which protects your browser and system from some common Malware and Viruses. It also includes a scanner as well as real-time protection. It is most effective when used as soon as you get your Windows computer or after a fresh installation/restoration of your operating system.

Malware Bytes – Scan and Clean Malware and Viruses

Malwarebytes offers a real-time scanner in their premium product; however, it can be useful to just run a scan on your computer. Combining different on-demand scanners (not real-time protection!) can give you better peace of mind that your system is in good shape. Do not run multiple real-time protection products that do the same thing, or it could bog down performance or worse.

Foxit Reader – Breaking the Chains from Adobe Acrobat Reader

Recently I wrote an article about my personal abandoning of Adobe Reader in favor of Foxit Reader. Adobe Reader is far too common of a target and frequently shows up on security notices. Unfortunately being the biggest player in a space also makes you the biggest target, and that certainly applies to Adobe Reader. You’re probably better off not taking the chance and having to worry about the constant updates and security patches necessary to secure Adobe Reader.

Google Authenticator

Two Factor Authentication can help you in the event that somehow a password gets compromised. For example if you use LastPass and someone managed to get their hands on your master password, it would be useless to them if you use Two Factor Authentication with your LastPass account. The moment they tried to access the account they would receive a popup requesting the authenticator code. There is a good tutorial on setting this up over at How To Geek.
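How the six-digit codes shown by Google Authenticator are derived and checked, as an added example that is not part of the original article or any vendor's code: TOTP per RFC 6238, using the RFC's published test secret. The `login` function, the sample master password and the drift window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample data: the RFC 6238 test secret in Base32, plus a
# made-up master password. A real service stores a salted password hash.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
MASTER_PASSWORD = "correct horse battery staple"


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, now=None, step=30, digits=6):
    """RFC 6238: HOTP whose counter is the number of 30 s steps since 1970."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    now = time.time() if now is None else now
    return hotp(key, max(0, int(now) // step), digits)


def verify_code(secret_b32, submitted, now=None, window=1, step=30):
    """Accept the current step and +/- `window` steps to tolerate clock drift."""
    now = time.time() if now is None else now
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, now + drift * step, step)
        ok |= hmac.compare_digest(expected.encode(), str(submitted).encode())
    return ok


def login(password, code, now=None):
    """Both factors must pass: a stolen password alone is not enough."""
    password_ok = hmac.compare_digest(password.encode(), MASTER_PASSWORD.encode())
    code_ok = code is not None and verify_code(SECRET_B32, code, now)
    return password_ok and code_ok


if __name__ == "__main__":
    print("current code:", totp(SECRET_B32))
    print("password only:", login(MASTER_PASSWORD, None))
    print("password + code:", login(MASTER_PASSWORD, totp(SECRET_B32)))
```

The code changes every 30 seconds and depends on a secret that never leaves the phone and the server, which is why knowing the master password alone does not get past the second prompt.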

LastPass “The Last Password You Have to Remember”

LastPass is a very useful application. Combined with Google Authenticator you can really improve your password quality. This will reduce the chance of having an account compromised through either a brute force attack (repetitive attempts to crack it) or a dictionary attack (guesses based on common password combinations), as each and every site you access has a unique and strong password. The “keys to the kingdom” is your master password, so take time to invest in making it both secure and memorable.
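The difference between the two attacks named above, and what a unique random password per site buys you, as an added example (not LastPass code or anything from the original article). The character set, the tiny wordlist and all function names are constructed for illustration.

```python
import math
import secrets
import string

SPECIALS = "!@#$%^&*()-_=+[]{}"                       # assumed "special characters" set
COMMON = {"password", "letmein", "summer", "dragon"}  # constructed mini wordlist


def generate_password(length=16, use_special=True):
    """Random password with at least one character from every enabled class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if use_special:
        classes.append(SPECIALS)
    if length < len(classes):
        raise ValueError("length too short for the enabled character classes")
    alphabet = "".join(classes)
    while True:  # rejection sampling keeps the choice uniform over valid passwords
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def brute_force_bits(length, use_special=True):
    """Upper bound on entropy: log2 of the number of possible passwords."""
    alphabet_size = 26 + 26 + 10 + (len(SPECIALS) if use_special else 0)
    return length * math.log2(alphabet_size)


def dictionary_guessable(password, wordlist=COMMON):
    """True if the password is a listed word hidden behind common disguises."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    core = core.translate(str.maketrans("@4310$5!7", "aaeiossit"))
    return core in wordlist


def build_vault(sites, length=16):
    """One independent password per site, so one leak does not unlock the rest."""
    return {site: generate_password(length) for site in sites}


if __name__ == "__main__":
    for site, pw in build_vault(["mail.example", "shop.example"]).items():
        print(site, pw, round(brute_force_bits(len(pw))), "bits")
    print("P@ssw0rd1! guessable:", dictionary_guessable("P@ssw0rd1!"))
```

A password such as `P@ssw0rd1!` looks complex but falls to a dictionary attack in one guess, while a 16-character random password leaves an attacker with roughly 2^101 possibilities to try.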

Eset Antivirus and Security Products

Professionally I’ve been involved with Eset Products for quite some time. I always found them to be effective and not bad on system resources. I’ve written a lot about and mentioned Eset products in prior articles, here they are for added convenience:

A Closing Reminder

Remember that personal information security is about you. It’s about your web habits, what websites you use, how you set up your computer, and your commitment to understanding the threats that are out there. Don’t be lulled into a false sense of security by sales pitches for security products or by that free antivirus software your internet provider gave you. You are in control and you are responsible. Hopefully this series of articles has given you a boost in the right direction. Your comments and feedback are always welcome.

Since there are things that we cannot protect ourselves from online, the next best solution is to prevent them from harming your computer. This can be accomplished on Windows platforms by using security software called Sandboxie. Sandboxie creates a virtual sandbox for your browser and other applications to use that does not affect the rest of your operating system. It accomplishes this by storing all the changes that would have been made to your system registry and file system in a virtual space on your hard disk. This virtual space is controlled by the Sandboxie application and it can be reset at any time. We’ll get into that more later.

Step One – Choose your Version, Download/Purchase and Install

There are really only a few options for Sandboxie. The big one is whether you are using it for home or business use. If you are using it at home, you have the option to use the shareware version. The free version shows a reminder for a few seconds every time it starts up and does not allow forced programs or folders. The average home user will probably not take advantage of the advanced features; however, I would still recommend licensing the product because it is inexpensive and it will allow the developer to continue to improve it. Commercial users must always pay for the product in the form of an annual subscription.

Step Two – Install and Configure Sandboxie

The product is very simple to install; just follow the prompts. There is nothing that requires configuration.

Step Three – Using Sandboxie to Safely Open Files or Programs

Once the software is installed, you can right click any file, shortcut or program and choose “Run Sandboxed”, as pictured:

Right click menu “Run Sandboxed”

Once you’ve done this, the item will open in the Sandboxed space. You will know which windows are running in there by the yellow border surrounding them:

Yellow border indicates it is running “Sandboxed”

Had this program been malware, a virus or some other undesirable application that would damage your computer, the sandbox would protect you. The “damage” would be done to the files in the virtual space that Sandboxie is running.

Step Four – Using a Sandbox to Access the Internet and Webmail

Earlier it was suggested to use a sandbox for your web browser and Web Mail. The reason for that is simple: the sandbox gives you protection that neither antivirus nor the most careful user can. A Sandboxed web browser can give you protection from even unknown exploits. Think of it as peace of mind for anything you access using a web browser. To access a Sandboxed web browser, either right click the shortcut to the browser you’d like to use or click the “Pizza Like” icon entitled “Sandboxed Web Browser”. You may want to keep it pinned to your taskbar:

You will know again by the yellow border around the browser, just like the earlier example. While in this mode you can enjoy a layer of protection for your operating system. Nothing that you can access should be able to hurt you unless it is information you input (type) or files that you download and “recover locally”. We’ll address those exceptions more carefully in the next section.

Sandboxie is not an excuse to be careless and cannot protect you from everything

Sandboxie will isolate your computer from Malware, Viruses or other things, with a few very critical exceptions. Keep in mind that anything you type, including passwords, may be captured by malware or key loggers that are able to infect the environment. To avoid this it is critical that you purge the contents of your sandbox periodically, particularly if something suspicious has been accessed. This can be done several ways, but the easiest is through the start menu/programs/Sandboxie/Sandboxie Control.

Purging Items in your Sandbox

It is also important to keep in mind that besides programs that could be running inside the Sandbox, other information and cookies may be present. So even if you think everything is fine, you still may wish to run the Sandboxed browser in Incognito/InPrivate mode to avoid allowing access to any cookies or sessions that may be running in the normal Sandboxed browser. Think of the advertisements you see on Facebook two minutes after you were on an E-Commerce website. Incognito/InPrivate mode will protect you from that kind of targeting.

Another way to completely undermine the safety that your Sandbox gives you is by saving a file downloaded through it locally. This is a really bad idea unless you are 100% certain the file is okay. The dialogue box looks like this. Click “Close” if you want to leave the file in the Sandbox, where it likely belongs:

Choose “Close” to avoid the file leaving the Sandbox.

Always Know Your Limits

There are some useful tips in this article. If you are unsure of something, don’t take risks with your personal information security. Do some research and educate yourself before making a mistake.

While assessing ways to stay safe from personal information security breaches online, it is critical to understand where we are most vulnerable. Picture your entire information security footprint as a chain made up of a number of links. The most likely place for you to be compromised is the weakest link in this chain. While we won’t address all of them, here is an example of what some of your links are:

Firewall Hardware

Wireless Access Point: Encryption method, Hardware Firmware, Strength of Password

Personal Computer: File and Disk Encryption, Strength of Password, Software Security Patch Status

Email Account: Provider Filtering, Strength of Password, Circulation of Address

Web Browser: Browser patching, Security Settings, Sandboxing

User: Cautious or careless?, Gullibility, Greed

In the interest of space, this is an abbreviated list, but it hits many of the high points and in particular the big three – User, Browser and Email. The purpose of this series is to address you as a user. We touched on it in the first part of this article as well as in this personal information security article from 2010. Let’s look at your Web Browser and Email account next.

Web Browser’s Role in Personal Information Security

Your web browser is your eyes on the World Wide Web. Without a web browser the 3+ billion active users of the web could not access the 45 billion+ pages of content. In terms of information security, this places the browser at an extremely critical place. If there is one small loophole in the security of the web browser you use, a visit to a single website can lead to a complete compromise of your accounts or, worse, your identity. In fact, in just the 10 seconds or so it took you to read this paragraph, 5 people have become victims of identity theft: 1 every 2 seconds!

It’s Still About You

If the browser is your eyes, you are the brain. Your actions are the real key here. You can do all the right things in terms of securing your web browser:

And in spite of all these precautions still experience a compromise of your information security. You have to commit to becoming a cautious Internet user. Some habits of a cautious Internet user include:

Implement and use a Sandbox (next in this article series)

Stick to only reputable websites.

Only install software from trusted sources.

Validate any unusual correspondence/requests via a phone call to the Company or Individual that sent them.

Never give personal information unless you initiated the connection (e.g. log on to Amazon.com directly through your browser address bar).

Limit your online shopping to known companies; use PayPal for smaller/lesser known companies.

Not sure about something? Don’t use it.

With those precautions you will be much safer on the web.

Email Account’s Role in Personal Information Security

Email accounts can be accessed either through Web Mail or using an app on your smart phone or computer. The Email address is a public conduit to you from the outside world. Up to this point we’ve talked about things you directed. In the case of Email it is the reverse: what is coming at you specifically. Email has played a role in many high-profile compromises such as the hacking of RSA, a security firm. The individuals were targeted because of where they worked and the implications were huge. You may not work for a security software company, but you are still a potential target of either direct or broadcast type attacks. The more personal the attack, the more difficult it may be to recognize and avoid it. The broadcast type attacks are usually easy to identify and are obvious to the average Internet user. Many attempts are specific to commonly used products such as ADP payroll, Facebook, even LinkedIn, while others are generic Phishing attempts.

Best Practices for Better Email Security

For starters, you should use a strong password for your Email account. Every password you use should also be unique. You can use this tool to generate a strong password; be sure to check the box for special characters and hit generate. Write this password down and store it in a safe place until you have memorized it. No one will guess your password now.

Make sure the company you use for Email hosting has strong filtering in place. I recommend Rackspace (for business) and Google Gmail (for personal) Email, both are fairly good. There is no perfect solution, but using a company that does an above average job means you will see less dangerous stuff in your inbox.

Always access your Web Mail using a sandbox. You will learn more about this in article 3 of this series.

Maintain one or more junk accounts or aliases. These are either accounts that forward to your main one or aliases of the main account that can be easily deleted. This helps to keep your main Email address in lower circulation. The more circulated your address becomes, the more likely you are to receive malicious or junk messages. Never give your core Email address out to non-essential entities such as blog sign ups, shopping, etc. unless you feel you are adept at dealing with those risks. It is also nice to have a backup Email account, for personal or business use.

Set the bar really high for what you allow yourself to click or open, particularly if you don’t have a way to sandbox it. This applies especially to attachments and links from unsolicited sources.

Use security software that protects your Email client (if you use an Email application such as Outlook) or Web browser (if you use Web Mail). Also understand the limits of your security software (read step 4 of this article).

Wrapping Up

These are just some suggestions. As you can probably see from this brief article, this is a complex topic. Don’t worry or become overwhelmed; the best part is yet to come, in part 3 of this series.

Back in October 2010 I wrote an article about personal choices being the most powerful information security tool. It is now January 2015 and while other things have changed, this simple fact has not. You are still the most critical piece in both your personal and work information security apparatus. In light of all the recent developments including the very high profile hacking of Sony Pictures Entertainment and while preparing for an upcoming speaking engagement, I decided it was time to refresh some of the content here on my blog.

This means you. 🙂

The Next Steps

This is obviously article #1 of this series. What will be addressed in 2-4 and why?

Where we are most vulnerable online.

A powerful tool to keep you safe online.

Other valuable tools for Personal Information Security.

Where are we most vulnerable online?

This section covers the specific applications and services that are most likely to lead to a compromise of your information security. This will enable you to be particularly cautious and invest time where it is most likely to spare you the inconvenience and expense of being compromised.

What tools are available to protect you online?

With knowledge of where you are most vulnerable, we’ll address one particular tool that will help protect you. It is unlikely that you’ve heard of this tool, but you will find that it is a powerful asset to keep you safe.

Other Valuable Tools

Some extra tools are covered that will help make your online experience more secure.